| 一种新的访问控制模型——TBPM-RBAC |
| |
| 引用本文: | 王瑜,卿斯汉.一种新的访问控制模型——TBPM-RBAC[J].计算机科学,2005,32(2):169-172. |
| |
| 作者姓名: | 王瑜 卿斯汉 |
| |
| 作者单位: | 中国科学院软件研究所信息安全技术工程研究中心,北京,100080 |
| |
| 摘 要: | 基于角色的访问控制RBAC(role—based access control)能够降低访问控制管理工作的复杂性,但是要在RBAC申高效合理地为角色配置权限仍然具有一定的难度,而且RBAC不适合处理存在依赖和时序关系的访问控制。本文通过在RBAC中引入任务机制解决以上两点困难,即权限被授予任务,任务被授予角色,角色只能使用它正在执行的任务所允许的权限。提出了TBPM-RBAC(task—based permissions management in RBAC)模型,给出了模型的定义,对模型进行了分析并给出了模型的两个应用示例。
|
| 关 键 词: | RBAC 访问控制模型 权限 基于角色的访问控制 任务 时序关系 配置 执行 管理工作 机制 |
A New Access Control Model--TBPM-RBAC |
| |
| WANG Yu,QING Si-han.A New Access Control Model--TBPM-RBAC[J].Computer Science,2005,32(2):169-172. |
| |
| Authors: | WANG Yu QING Si-han |
| |
| Affiliation: | WANG Yu,QING Si-Han Engineering Research Center for Information Security Technology,Institute of Software,Chinese Academy of Sciences,Beijing 100080 |
| |
| Abstract: | RBAC (role-based access control)can reduce the complexity of the management of access control, but it's still rather difficult to assign permissions to roles efficiently and reasonably,further more,RBAC is not fit to manage the access controls where exists dependency and sequence. This paper tries to solve the two difficulties mentioned above by embedding task mechanism in RBAC,that is,permissions are assigned to tasks,tasks are assigned to roles, and a role can only use the permissions that are allowed by the tasks it's executing. A model called TBPM-RBAC (task-based permissions management in RBAC)is proposed,then we present the definitions of the model,analyze the model and give two application examples of the model. |
| |
| Keywords: | Role RBAC Access control Task |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
|
